[liberationtech] [pfSense] NSA Laughs at PCs, Prefers Hacking Routers and Switches
Chris Buechler
cmb at pfsense.org
Wed Sep 4 20:14:38 PDT 2013
On Wed, Sep 4, 2013 at 7:33 PM, Robert Guerra <rguerra at privaterra.org> wrote:
>
> Curious on people's comments on types of routers, firewalls and other appliances that might be affected as > well as mitigation strategies. Would installing a pfsense and/or other open source firewall be helpful in
> anyway at a home net location?
>
Maybe. Depends on what you're comparing it to. Versus any
consumer-grade router, you're almost certainly far better off
security-wise with pfSense (or any other professional-grade solution
with a solid track record). Those products tend to ship with outdated
underlying components, insecure defaults, the web interfaces are
commonly exploitable, built-in backdoors have been found on multiple
occasions, and the firmware commonly isn't maintained as it should be
as security issues in their underlying components are discovered. One
good example affecting a wide range of such vendors from earlier this
year:
http://blog.pfsense.org/?p=688
But that only matters if the direct target is your router/firewall. If
the NSA wanted to break into your home router, they'd certainly find a
means of doing so. Rooting your PC to capture the password or
something along those lines if it weren't directly exploitable. Where
you'll potentially benefit is with less capable adversaries, or in not
getting owned at some point in the future by a router worm or someone
sweeping the Internet with an exploit.
More information about the liberationtech
mailing list